Friday, February 21, 2020

BGP Community No Export

The well-known BGP community no-export tells BGP neighbors to advertise a prefix only to iBGP neighbors. If you are not sure what BGP communities are and how they work, I advise you to read my introduction to BGP communities before you continue. Having said that, let’s take a look at a configuration example. Here’s the topology we will use:
[Figure: BGP Community No Export Topology]
Above we see R1 with network 1.1.1.1/32 on a loopback interface. It will advertise this prefix with the no-export community set. As a result, R2 will install it in its BGP table and advertise it to R4 (iBGP). It will not be advertised to R3 since this is an eBGP session.

Configuration

Basic BGP Configuration

Here’s the BGP configuration in case you want to try this example yourself:
R1#show running-config | section bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 24
 no auto-summary
R2#show running-config | section bgp
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 neighbor 192.168.24.4 remote-as 24
 neighbor 192.168.24.4 next-hop-self
 no auto-summary
R3#show running-config | section bgp
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 24
 no auto-summary
R4#show running-config | section bgp
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.24.2 remote-as 24
 no auto-summary
By default BGP does not send any communities. All routers will learn about 1.1.1.1/32:
R2#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32       192.168.12.1             0             0 1 i
R3#show ip bgp | include 1.1.1.1
*> 1.1.1.1/32       192.168.23.2                           0 24 1 i
R4#show ip bgp | include 1.1.1.1
* i1.1.1.1/32       192.168.12.1             0    100      0 1 i

BGP Community No-Export Configuration

Let’s configure our BGP community. First we have to tell R1 to send communities:
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 send-community
Now we can create a route-map that sets the BGP community to no-export and we attach it to our neighbor R2:
R1(config)#route-map NO_EXPORT permit 10
R1(config-route-map)#set community no-export

R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 route-map NO_EXPORT out
Before we reset the BGP session, take a look at the BGP table of R2:
R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
        1    2
  1
    192.168.12.1 from 192.168.12.1 (192.168.12.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
Above you don’t see any BGP community information. Let’s reset BGP so that you can see the difference:
R2#clear ip bgp *
Here’s what the BGP table of R2 looks like now:
R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Flag: 0x820
  Advertised to update-groups:
        2
  1
    192.168.12.1 from 192.168.12.1 (192.168.12.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-export
You can see that this prefix is tagged with the no export community. R2 no longer advertises it to eBGP neighbors. Let’s verify this:
R3#show ip bgp 1.1.1.1
% Network not in table
R3 doesn’t have this prefix anymore, but R4 does:
R4#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  1
    192.168.24.2 from 192.168.24.2 (192.168.24.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
That’s all there is to it. Set the no export community and your prefix will not be advertised to eBGP neighbors.
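The following Python check is an added example, not part of the original post. It reads the R1 and R2 BGP lines from this lab and predicts which R2 neighbors receive 1.1.1.1/32, including the failure case where the route-map is applied but send-community is missing. The function names are hypothetical, the config text is constructed from the page's own configuration, and the model ignores route-map match clauses.

```python
import re
# Constructed input: the BGP-related lines of R1 and R2 as shown on this page.
R1_CFG = """router bgp 1
 neighbor 192.168.12.2 remote-as 24
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map NO_EXPORT out
!
route-map NO_EXPORT permit 10
 set community no-export
"""
R2_CFG = """router bgp 24
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 neighbor 192.168.24.4 remote-as 24
"""
SENDS_STANDARD = {"send-community", "send-community standard", "send-community both"}

def parse_bgp(cfg):
    """Return (local AS, {neighbor IP: set of per-neighbor options})."""
    local_as = int(re.search(r"^router bgp (\d+)", cfg, re.M).group(1))
    neighbors = {}
    for ip, opt in re.findall(r"^ neighbor (\S+) (.+)$", cfg, re.M):
        neighbors.setdefault(ip, set()).add(opt.strip())
    return local_as, neighbors

def sends_no_export(cfg, peer_ip):
    """True only if an outbound route-map sets no-export AND communities are
    sent to the peer. Simplification: match clauses in the map are ignored."""
    opts = parse_bgp(cfg)[1].get(peer_ip, set())
    if not opts & SENDS_STANDARD:
        return False  # without send-community the tag never leaves the router
    for name in (o.split()[1] for o in opts if re.fullmatch(r"route-map \S+ out", o)):
        for body in re.findall(rf"^route-map {re.escape(name)} permit \d+\n((?: .*\n?)*)", cfg, re.M):
            if re.search(r"^ set community .*\bno-export\b", body, re.M):
                return True
    return False

def receivers(cfg, learned_from, no_export):
    """Neighbors this router may advertise the prefix to (the sender is left out)."""
    local_as, neighbors = parse_bgp(cfg)
    result = []
    for ip, opts in neighbors.items():
        remote_as = next(int(o.split()[1]) for o in opts if o.startswith("remote-as "))
        if ip != learned_from and not (no_export and remote_as != local_as):
            result.append(ip)  # iBGP peers always qualify; eBGP only when untagged
    return sorted(result)

def r2_advertises_to(r1_cfg, r2_cfg=R2_CFG):
    """Predict R2's advertisement targets for the prefix learned from R1."""
    return receivers(r2_cfg, "192.168.12.1", sends_no_export(r1_cfg, "192.168.12.2"))
```

With the send-community line removed from R1's config, the same call returns both 192.168.23.3 and 192.168.24.4, which matches the BGP tables shown before the community was configured.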
hostname R1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 192.168.12.2 remote-as 24
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map NO_EXPORT out
 no auto-summary
!
route-map NO_EXPORT permit 10
 set community no-export
!
end
hostname R2
!
ip cef
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.24.2 255.255.255.0
!
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.1 remote-as 1
 neighbor 192.168.23.3 remote-as 3
 neighbor 192.168.24.4 remote-as 24
 neighbor 192.168.24.4 next-hop-self
 no auto-summary
!
end
hostname R3
!
ip cef
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.23.2 remote-as 24
 no auto-summary
!
end
hostname R4
!
ip cef
!
interface FastEthernet0/0
 ip address 192.168.24.4 255.255.255.0
!
router bgp 24
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.24.2 remote-as 24
 no auto-summary
!
end


Make sure you also check the other well-known BGP communities.
If you have any questions, feel free to leave a comment!
